Situation
This vulnerability allows a local attacker with SeImpersonatePrivilege to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client, but within the limits of the client's security context.
Solution
This problem has been fixed in version 20.02.00, so any later version will not be affected.
Acknowledgements
Panda Security would like to thank the researcher Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative for his dedication and effort in improving the safety of our products.
Technical Support
Need help?
Panda Security Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability
Help nº- 20211122 100077 EN